import useBaseUrl from "@docusaurus/useBaseUrl";
import ZoomableImage from "/src/theme/ZoomableImage.js";

# API Keys

## Introduction

Langflow offers an API Key functionality that allows users to access their individual components and flows without going through traditional login authentication. The API Key is a user-specific token that can be included in the request's header or query parameter to authenticate API calls. The following documentation outlines how to generate, use, and manage these API Keys in Langflow.

## Generating an API Key

### Through Langflow UI

{/* add image img/api-key.png */}

<ZoomableImage
  alt="Docusaurus themed image"
  sources={{
    light: useBaseUrl("img/api-key.png"),
    dark: useBaseUrl("img/api-key.png"),
  }}
  style={{ width: "50%", maxWidth: "600px", margin: "0 auto" }}
/>

1. Click on the "API Key" icon.
2. Click on "Create new secret key".
3. Give it an optional name.
4. Click on "Create secret key".
5. Copy the API key and store it in a secure location.

## Using the API Key

### Using the `x-api-key` Header

Include the `x-api-key` in the HTTP header when making API requests:

```bash
curl -X POST \
  http://localhost:3000/api/v1/process/<your_flow_id> \
  -H 'Content-Type: application/json'\
  -H 'x-api-key: <your api key>'\
  -d '{"inputs": {"text":""}, "tweaks": {}}'
```

With Python using `requests`:

```python
import requests
from typing import Optional

BASE_API_URL = "http://localhost:3001/api/v1/process"
FLOW_ID = "4441b773-0724-434e-9cee-19d995d8f2df"
# You can tweak the flow by adding a tweaks dictionary
# e.g {"OpenAI-XXXXX": {"model_name": "gpt-4"}}
TWEAKS = {}

def run_flow(inputs: dict,
            flow_id: str,
            tweaks: Optional[dict] = None,
            apiKey: Optional[str] = None) -> dict:
    """
    Run a flow with a given message and optional tweaks.

    :param message: The message to send to the flow
    :param flow_id: The ID of the flow to run
    :param tweaks: Optional tweaks to customize the flow
    :return: The JSON response from the flow
    """
    api_url = f"{BASE_API_URL}/{flow_id}"

    payload = {"inputs": inputs}
    headers = {}

    if tweaks:
        payload["tweaks"] = tweaks
    if apiKey:
        headers = {"x-api-key": apiKey}

    response = requests.post(api_url, json=payload, headers=headers)
    return response.json()

# Setup any tweaks you want to apply to the flow
inputs = {"text":""}
api_key = "<your api key>"
print(run_flow(inputs, flow_id=FLOW_ID, tweaks=TWEAKS, apiKey=api_key))
```

### Using the Query Parameter

Alternatively, you can include the API key as a query parameter in the URL:

```bash
curl -X POST \
  http://localhost:3000/api/v1/process/<your_flow_id>?x-api-key=<your_api_key> \
  -H 'Content-Type: application/json'\
  -d '{"inputs": {"text":""}, "tweaks": {}}'
```

Or with Python:

```python
import requests

BASE_API_URL = "http://localhost:3001/api/v1/process"
FLOW_ID = "4441b773-0724-434e-9cee-19d995d8f2df"
# You can tweak the flow by adding a tweaks dictionary
# e.g {"OpenAI-XXXXX": {"model_name": "gpt-4"}}
TWEAKS = {}

def run_flow(inputs: dict,
            flow_id: str,
            tweaks: Optional[dict] = None,
            apiKey: Optional[str] = None) -> dict:
    """
    Run a flow with a given message and optional tweaks.

    :param message: The message to send to the flow
    :param flow_id: The ID of the flow to run
    :param tweaks: Optional tweaks to customize the flow
    :return: The JSON response from the flow
    """
    api_url = f"{BASE_API_URL}/{flow_id}"

    payload = {"inputs": inputs}
    headers = {}

    if tweaks:
        payload["tweaks"] = tweaks
    if apiKey:
        api_url += f"?x-api-key={apiKey}"

    response = requests.post(api_url, json=payload, headers=headers)
    return response.json()

# Setup any tweaks you want to apply to the flow
inputs = {"text":""}
api_key = "<your api key>"
print(run_flow(inputs, flow_id=FLOW_ID, tweaks=TWEAKS, apiKey=api_key))
```

## Security Considerations

- **Visibility**: The API key won't be retrievable again through the UI for security reasons.
- **Scope**: The key only allows access to the flows and components of the specific user to whom it was issued.

## Revoking an API Key

To revoke an API key, simply delete it from the UI. This will immediately invalidate the key and prevent it from being used again.
